I use OpenDNS at our corporate office. The free version allows me to block sites by category, but will also give me a report (up to 2 weeks) of all sites visited. It will also show them by whether they were allowed or blocked.

The only real drawback I've found to filtering by category is that sites have to be voted on by users. Sometimes a new website will not be categorized for quite a while. You can also specifically block or allow individual sites, in limited quantities.

There is a pay version now that allows unlimited (?) history, but I didn't really need that.

Whether free or paid version, it is very easy to set up. Additionally, a lot of people report that DNS services are faster from OpenDNS than from most ISPs, giving your end-users the appearance of "faster" internet. I have not noticed any significant difference, myself.

... that you don't have to use the web filtering service to get the browsing history report. Just using OpenDNS for your DNS service will give you 2 weeks of sites visited (and how many times during that period). But, this service will not tell you who (what computer) visited which sites. If isolating by who visited what site is important, you'll have to find something else.

This is a very interesting method. But I suppose you would use this on S/M companies. This would not work for a segment of the network, right? Something like a lab which is behind a physical firewall and proxy servers. I would believe the best would be if this were a local solution instead of being dependent on 3rd-party DNS services.

...sort of. It only logs calls to its service for DNS translation. If you only had part of your segmented network going through OpenDNS for lookup, that is all it would log.

In our facility, I have our internal DHCP server hand out our local DNS server which, in turn, is configured to look to OpenDNS. Therefore, by default, all browsing is logged by OpenDNS. However, I have 2 users' (myself and one other person) computers manually configured to use our ISP's DNS server, so they are not logged (nor are they filtered).

If your network is segmented to the point that each segment has its own DHCP server, you can also segment DNS lookup. However, your OpenDNS report is only keyed by your outward-facing IP address. So reports can only be separated if your segments also have different gateways on different outside IP addresses.
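An added example, not part of the posts above: since the upstream report is keyed only by the outside IP address, per-computer attribution has to come from the local DNS server that DHCP hands out, before it forwards the lookup. The sketch assumes that local server is dnsmasq with `log-queries` enabled; the log lines are constructed samples, and the function names are hypothetical. Machines manually pointed at another resolver never appear in this log, just as they never appear in the upstream report.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in dnsmasq's query-log format (assumes log-queries is on).
SAMPLE_LOG = """\
Mar  3 09:14:01 dnsmasq[812]: query[A] www.example.com from 192.168.10.21
Mar  3 09:14:01 dnsmasq[812]: forwarded www.example.com to 208.67.222.222
Mar  3 09:14:02 dnsmasq[812]: reply www.example.com is 203.0.113.10
Mar  3 09:14:09 dnsmasq[812]: query[AAAA] www.example.com from 192.168.10.21
Mar  3 09:15:30 dnsmasq[812]: query[A] mail.example.org from 192.168.10.35
Mar  3 09:16:02 dnsmasq[812]: query[A] WWW.Example.com. from 192.168.10.35
Mar  3 09:16:40 dnsmasq[812]: query[PTR] 21.10.168.192.in-addr.arpa from 127.0.0.1
Mar  3 09:17:11 dnsmasq[812]: this line is truncated query[A
"""

# Only "query[...] name from client" lines carry the requesting client's address;
# "forwarded" and "reply" lines describe the upstream leg and are skipped.
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)


def per_client_report(log_text, qtypes=("A", "AAAA")):
    """Return {client_ip: Counter({domain: lookups})} for address lookups."""
    report = defaultdict(Counter)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group("qtype") not in qtypes:
            continue  # malformed line, or a record type that is not browsing-related
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = m.group("name").rstrip(".").lower()
        report[m.group("client")][name] += 1
    return dict(report)


def clients_for(report, domain):
    """List the clients that looked up a given domain (the 'who visited what' view)."""
    domain = domain.rstrip(".").lower()
    return sorted(c for c, names in report.items() if domain in names)


if __name__ == "__main__":
    for client, names in sorted(per_client_report(SAMPLE_LOG).items()):
        for name, n in names.most_common():
            print(f"{client}\t{name}\t{n}")
```
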

Yes, it does help. It makes complete sense in the way it works. It would be great to have a freeware sort of thing that does the same reporting but locally, because it seems quite simple and user-friendly to use.

I do my logging using MS ISA and it's way more complicated. For a segment of the network, something like OpenDNS is just great.

... when a company won't tell you the price anywhere on their own website. I'd file that under the category of: If I have to ask... I can't afford it. Even the CDW website lists the cost as "CALL". Ouch.

Mind if I ask which version of IronPort you use and how much it cost? What are the subscription costs per year?
